Update phnt headers
183
inc/phnt/ntrtl.h
183
inc/phnt/ntrtl.h
@@ -1,6 +1,9 @@
|
||||
#ifndef _NTRTL_H
|
||||
#define _NTRTL_H
|
||||
|
||||
#define RtlOffsetToPointer(Base, Offset) ((PCHAR)(((PCHAR)(Base)) + ((ULONG_PTR)(Offset))))
|
||||
#define RtlPointerToOffset(Base, Pointer) ((ULONG)(((PCHAR)(Pointer)) - ((PCHAR)(Base))))
|
||||
|
||||
// Linked lists
|
||||
|
||||
FORCEINLINE VOID InitializeListHead(
|
||||
@@ -3209,7 +3212,7 @@ RtlDosSearchPath_U(
|
||||
|
||||
#define RTL_DOS_SEARCH_PATH_FLAG_APPLY_ISOLATION_REDIRECTION 0x00000001
|
||||
#define RTL_DOS_SEARCH_PATH_FLAG_DISALLOW_DOT_RELATIVE_PATH_SEARCH 0x00000002
|
||||
#define RTL_DOS_SEARCH_PATH_FLAG_APPLY_DEFAULT_EXTENSION_WHEN_NOT_RELATIVE_PATH_EVEN_IF_FILE_HAS_EXTENSION 0x00000004)
|
||||
#define RTL_DOS_SEARCH_PATH_FLAG_APPLY_DEFAULT_EXTENSION_WHEN_NOT_RELATIVE_PATH_EVEN_IF_FILE_HAS_EXTENSION 0x00000004
|
||||
|
||||
NTSYSAPI
|
||||
NTSTATUS
|
||||
@@ -6589,4 +6592,182 @@ RtlCrc64(
|
||||
|
||||
#endif
|
||||
|
||||
// Image Mitigation
|
||||
|
||||
// rev
|
||||
typedef enum _IMAGE_MITIGATION_POLICY
|
||||
{
|
||||
ImageDepPolicy, // RTL_IMAGE_MITIGATION_DEP_POLICY
|
||||
ImageAslrPolicy, // RTL_IMAGE_MITIGATION_ASLR_POLICY
|
||||
ImageDynamicCodePolicy, // RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY
|
||||
ImageStrictHandleCheckPolicy, // RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY
|
||||
ImageSystemCallDisablePolicy, // RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY
|
||||
ImageMitigationOptionsMask,
|
||||
ImageExtensionPointDisablePolicy, // RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY
|
||||
ImageControlFlowGuardPolicy, // RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY
|
||||
ImageSignaturePolicy, // RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY
|
||||
ImageFontDisablePolicy, // RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY
|
||||
ImageImageLoadPolicy, // RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY
|
||||
ImagePayloadRestrictionPolicy, // RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY
|
||||
ImageChildProcessPolicy, // RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY
|
||||
ImageSehopPolicy, // RTL_IMAGE_MITIGATION_SEHOP_POLICY
|
||||
ImageHeapPolicy, // RTL_IMAGE_MITIGATION_HEAP_POLICY
|
||||
MaxImageMitigationPolicy
|
||||
} IMAGE_MITIGATION_POLICY;
|
||||
|
||||
// rev
|
||||
typedef union _RTL_IMAGE_MITIGATION_POLICY
|
||||
{
|
||||
struct
|
||||
{
|
||||
ULONG64 AuditState : 2;
|
||||
ULONG64 AuditFlag : 1;
|
||||
ULONG64 EnableAdditionalAuditingOption : 1;
|
||||
ULONG64 Reserved : 60;
|
||||
};
|
||||
struct
|
||||
{
|
||||
ULONG64 PolicyState : 2;
|
||||
ULONG64 AlwaysInherit : 1;
|
||||
ULONG64 EnableAdditionalPolicyOption : 1;
|
||||
ULONG64 AuditReserved : 60;
|
||||
};
|
||||
} RTL_IMAGE_MITIGATION_POLICY, *PRTL_IMAGE_MITIGATION_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_DEP_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY Dep;
|
||||
} RTL_IMAGE_MITIGATION_DEP_POLICY, *PRTL_IMAGE_MITIGATION_DEP_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_ASLR_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY ForceRelocateImages;
|
||||
RTL_IMAGE_MITIGATION_POLICY BottomUpRandomization;
|
||||
RTL_IMAGE_MITIGATION_POLICY HighEntropyRandomization;
|
||||
} RTL_IMAGE_MITIGATION_ASLR_POLICY, *PRTL_IMAGE_MITIGATION_ASLR_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY BlockDynamicCode;
|
||||
} RTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY, *PRTL_IMAGE_MITIGATION_DYNAMIC_CODE_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY StrictHandleChecks;
|
||||
} RTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY, *PRTL_IMAGE_MITIGATION_STRICT_HANDLE_CHECK_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY BlockWin32kSystemCalls;
|
||||
} RTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY, *PRTL_IMAGE_MITIGATION_SYSTEM_CALL_DISABLE_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY DisableExtensionPoints;
|
||||
} RTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY, *PRTL_IMAGE_MITIGATION_EXTENSION_POINT_DISABLE_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY ControlFlowGuard;
|
||||
RTL_IMAGE_MITIGATION_POLICY StrictControlFlowGuard;
|
||||
} RTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY, *PRTL_IMAGE_MITIGATION_CONTROL_FLOW_GUARD_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY BlockNonMicrosoftSignedBinaries;
|
||||
RTL_IMAGE_MITIGATION_POLICY EnforceSigningOnModuleDependencies;
|
||||
} RTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY, *PRTL_IMAGE_MITIGATION_BINARY_SIGNATURE_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY DisableNonSystemFonts;
|
||||
} RTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY, *PRTL_IMAGE_MITIGATION_FONT_DISABLE_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY BlockRemoteImageLoads;
|
||||
RTL_IMAGE_MITIGATION_POLICY BlockLowLabelImageLoads;
|
||||
RTL_IMAGE_MITIGATION_POLICY PreferSystem32;
|
||||
} RTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY, *PRTL_IMAGE_MITIGATION_IMAGE_LOAD_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY EnableExportAddressFilter;
|
||||
RTL_IMAGE_MITIGATION_POLICY EnableExportAddressFilterPlus;
|
||||
RTL_IMAGE_MITIGATION_POLICY EnableImportAddressFilter;
|
||||
RTL_IMAGE_MITIGATION_POLICY EnableRopStackPivot;
|
||||
RTL_IMAGE_MITIGATION_POLICY EnableRopCallerCheck;
|
||||
RTL_IMAGE_MITIGATION_POLICY EnableRopSimExec;
|
||||
} RTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY, *PRTL_IMAGE_MITIGATION_PAYLOAD_RESTRICTION_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY DisallowChildProcessCreation;
|
||||
} RTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY, *PRTL_IMAGE_MITIGATION_CHILD_PROCESS_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_SEHOP_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY Sehop;
|
||||
} RTL_IMAGE_MITIGATION_SEHOP_POLICY, *PRTL_IMAGE_MITIGATION_SEHOP_POLICY;
|
||||
|
||||
// rev
|
||||
typedef struct _RTL_IMAGE_MITIGATION_HEAP_POLICY
|
||||
{
|
||||
RTL_IMAGE_MITIGATION_POLICY TerminateOnHeapErrors;
|
||||
} RTL_IMAGE_MITIGATION_HEAP_POLICY, *PRTL_IMAGE_MITIGATION_HEAP_POLICY;
|
||||
|
||||
typedef enum _RTL_IMAGE_MITIGATION_OPTION_STATE
|
||||
{
|
||||
RtlMitigationOptionStateNotConfigured,
|
||||
RtlMitigationOptionStateOn,
|
||||
RtlMitigationOptionStateOff
|
||||
} RTL_IMAGE_MITIGATION_OPTION_STATE;
|
||||
|
||||
// rev from PROCESS_MITIGATION_FLAGS
|
||||
#define RTL_IMAGE_MITIGATION_FLAG_RESET 0x1
|
||||
#define RTL_IMAGE_MITIGATION_FLAG_REMOVE 0x2
|
||||
#define RTL_IMAGE_MITIGATION_FLAG_OSDEFAULT 0x4
|
||||
#define RTL_IMAGE_MITIGATION_FLAG_AUDIT 0x8
|
||||
|
||||
#if (PHNT_VERSION >= PHNT_REDSTONE3)
|
||||
|
||||
// rev
|
||||
NTSYSAPI
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
RtlQueryImageMitigationPolicy(
|
||||
_In_opt_ PWSTR ImagePath, // NULL for system-wide defaults
|
||||
_In_ IMAGE_MITIGATION_POLICY Policy,
|
||||
_In_ ULONG Flags,
|
||||
_Inout_ PVOID Buffer,
|
||||
_In_ ULONG BufferSize
|
||||
);
|
||||
|
||||
// rev
|
||||
NTSYSAPI
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
RtlSetImageMitigationPolicy(
|
||||
_In_opt_ PWSTR ImagePath, // NULL for system-wide defaults
|
||||
_In_ IMAGE_MITIGATION_POLICY Policy,
|
||||
_In_ ULONG Flags,
|
||||
_Inout_ PVOID Buffer,
|
||||
_In_ ULONG BufferSize
|
||||
);
|
||||
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
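Review bot: In the last hunk, `RTL_IMAGE_MITIGATION_POLICY` is declared as a `union` of two anonymous structs that each fill 64 bits, so `AuditState` and `PolicyState` (and the two flag bits after them) occupy the same storage and setting one silently changes the other. If the audit and policy settings are meant to be independent words, which the separate `Reserved`/`AuditReserved` tails suggest but the page does not confirm, the declaration should read `typedef struct _RTL_IMAGE_MITIGATION_POLICY`. That would double the size of every `RTL_IMAGE_MITIGATION_*_POLICY` wrapper. Callers will presumably pass `sizeof` of those wrappers as `BufferSize` to `RtlQueryImageMitigationPolicy` and `RtlSetImageMitigationPolicy`, so a wrong layout means a wrong buffer length for a security-policy read or write. Either way, the `// rev` comment on the type should state the intended size and whether the aliasing is deliberate, and the tail names look swapped between the two groups (`Reserved` in the audit group, `AuditReserved` in the policy group).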